Why Network Visibility Is Critical to Removing Security Blind Spots

You can't secure what you can't see. Here are four ways to shine a light on the dark spaces of your corporate infrastructure.

There's an axiom used by security professionals that states: "You can't secure what you can't see." This rather simplistic statement actually has many different meanings when it comes to securing a business because of the rapidly growing number of network blind spots that exist in today's information technology infrastructure.

I recently ran across a post on network visibility that did a nice job of describing how greater visibility enables better security. This is something I have been preaching for years. Below are what I consider the four top blind spots in networking, and the role that visibility plays to shine a light on them. But first a definition: network visibility is being able to "see" all endpoints and traffic that traverse the company network, which now extends to the public cloud.

Blind Spot 1: East-West Data Center Traffic

In the client-server era, all traffic went from a computer, into the data center, to the core, and back. This is known as north-south traffic. Securing this type of traffic flow means putting big firewalls and other tools in the core of the network where traffic would be inspected as it passed through. Over time the folks at VMware figured out a way to virtualize workloads and send traffic between them, even if they are in another location of the data center. This is known as east-west traffic.

The challenge in securing east-west traffic is that it never passes through the core, so it bypasses all your traditional (and expensive) tools, as well as new ones such as behavioral analysis. Organizations could try to deploy security tools at every possible east-west junction, but that would be ridiculously expensive and complicated. Network visibility tools allow security managers to see every east-west flow and then individually direct them to specific security tools instead of sending all traffic to all tools. This enables organizations to move forward with initiatives that drive up the amount of east-west traffic, such as cloud, container, and virtualization initiatives, without putting the business at risk.

Blind Spot 2: Internet of Things (IoT)

The IoT era has arrived and businesses are connecting non-IT devices at a furious rate. Building facilities, factory floor equipment, medical equipment, and other IoT endpoints are now connected to the company network. One of the challenges is that the majority of IoT devices, 60% according to ZK Research, are connected by an operational technology (OT) group and not by information technology teams. Network visibility can help IT discover these devices, infer what they are, and spot malicious traffic.

For example, a connected device that sends traffic to Lutron Electronics every day is likely an LED lighting system. If the lights suddenly start communicating with the accounting server, a breach can be assumed and the device immediately quarantined. Without visibility, this could take months to find. With visibility, this breach could be found almost instantly.

Blind Spot 3: Insider Threats

Malicious users or infected devices can be very difficult to spot as they are typically "trusted." For example, a worker on vacation might have his or her laptop compromised when connected to free Wi-Fi service in a coffee shop. The person then returns to work, passes the authentication tests, and spreads the malware across the company. What's more, with traditional perimeter security, there is no way for a company to know that a disgruntled employee is stealing the entire customer database and selling it to a competitor because the traffic never goes through the firewall. In both cases, a good baseline of traffic helps security professionals understand the norm, so if a worker's devices start exhibiting odd behavior, it can be flagged, quarantined, and inspected, minimizing the damage.
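The lighting-system scenario under Blind Spot 2 and the traffic baseline described above both come down to the same check: learn which peers each device normally talks to, then flag a flow to a peer it has never used. The following is an added example, not code from the original article; the flow records, addresses, the 10.0.0.0/8 internal range and the severity labels are constructed assumptions.

```python
"""Added example: per-device flow baseline and deviation check (constructed data)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: the internal address space; replace with your own network plan.
INTERNAL = [ip_network("10.0.0.0/8")]

# Constructed flow records: (day, source device, destination, destination port).
FLOWS = [
    (1, "10.20.0.15", "198.51.100.7", 443),  # lighting controller -> vendor cloud
    (2, "10.20.0.15", "198.51.100.7", 443),
    (3, "10.20.0.15", "198.51.100.7", 443),
    (1, "10.30.0.8", "10.10.0.5", 1433),     # finance workstation -> accounting server
    (2, "10.30.0.8", "10.10.0.5", 1433),
    (4, "10.20.0.15", "198.51.100.7", 443),  # still normal for this device
    (4, "10.20.0.15", "10.10.0.5", 1433),    # lighting controller -> accounting server
    (4, "10.30.0.8", "10.10.0.5", 1433),     # normal for the workstation
]

def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL)

def build_baseline(flows, last_baseline_day):
    """Map each source device to the (destination, port) pairs seen while learning."""
    baseline = defaultdict(set)
    for day, src, dst, port in flows:
        if day <= last_baseline_day:
            baseline[src].add((dst, port))
    return baseline

def find_deviations(flows, baseline, last_baseline_day):
    """Return flows after the learning window to peers the source never used before."""
    alerts = []
    for day, src, dst, port in flows:
        if day <= last_baseline_day or (dst, port) in baseline.get(src, set()):
            continue
        # Assumption: a new internal (east-west) peer ranks above a new external one.
        severity = "high" if is_internal(dst) else "review"
        alerts.append({"day": day, "src": src, "dst": dst,
                       "port": port, "severity": severity})
    return alerts

if __name__ == "__main__":
    base = build_baseline(FLOWS, last_baseline_day=3)
    for alert in find_deviations(FLOWS, base, last_baseline_day=3):
        print(alert)
```

The same destination is normal for the workstation and anomalous for the lighting controller, which is why the baseline is kept per device and not per network.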

Blind Spot 4: Cloud Traffic

The use of public cloud services such as Amazon Web Services and Azure has skyrocketed over the past several years and will continue to grow as more businesses move on-premises data and technology to a cloud model. One of the security problems with the cloud is that, by definition, cloud technology is located outside of the business's secure perimeter. Consequently, conventional wisdom asserts that data in the cloud can't be secured locally.

The truth is, almost all cloud providers offer tools that provide basic telemetry information, and some of the more advanced visibility vendors/network packet brokers now provide pervasive visibility into AWS, Azure, and other cloud service providers. This effectively makes the cloud an extension of the enterprise network. In addition to security, this data can be used for analytics, performance monitoring, or machine learning.

We live in a world today where literally everything in a company is being connected, virtualized, mobilized, and pushed into the cloud, making data significantly more difficult to secure. If you can't secure what you can't see, then invest in network visibility tools that shine a light on security blind spots. Then shut them down!

Zeus Kerravala provides a mix of tactical advice and long term strategic advice to help his clients in the current business climate. Kerravala provides research and advice to the following constituents: end user IT and network managers, vendors of IT hardware, software and ...
